Summary
The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges.
Affected Product(s)
The following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.
CVE |Supported Version(s)|Remediation
CVE-2021-30642 | 7.2 | Upgrade to 7.2.7
8.1 | Upgrade to 8.1.3-NSR3
8.2 | Upgrade to 8.2.1-NSR2 or 8.2.2
Issue Details
Severity / CVSS v3.1: | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) References:| NVD: CVE-2021-30642 Impact:| OS command injection Description: | An input validation flaw in the Symantec Security Analytics web UI allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
Mitigation
CVE-2021-30642 is only exploitable in Security Analytics when the remote attacker can access the web UI. Security Analytics administrators can configure the on-appliance firewall to restrict web UI access to trusted IP addresses and subnets.
Revisions
2021-04-20 initial public release
CPE | Name | Operator | Version |
---|---|---|---|
security analytics (sa) | eq | 7 | |
security analytics (sa) | eq | 8 | |
security analytics (sa) | eq | 8 |